예제 #1
 /**
  * Recursively count the threads that hang below a topic.
  *
  * A direct child is counted when its state is not the hidden state, or when
  * the session user holds one of the configured admin roles. The recursion
  * into a child's own sub-threads happens whether or not the child itself
  * was counted; every descendant is then judged by the same rule.
  *
  * @param mixed $topicid id compared (loosely) against each thread's top topic
  * @return int number of counted threads in the subtree
  */
 public function countSubThreads($topicid)
 {
     $total = 0;
     foreach ($this->threads as $candidate) {
         // only direct children of $topicid are handled at this level
         if ($candidate->getTopTopic() != $topicid) {
             continue;
         }
         // the role lookup is only reached for hidden threads (short-circuit ||)
         if (!($candidate->getThreadState() == forumtools::$THREADHIDDEN) || usertools::containRoles($GLOBALS["adminRoles"], $_SESSION["user"]->getRoles())) {
             $total++;
         }
         $total = $total + $this->countSubThreads($candidate->getId());
     }
     return $total;
 }
예제 #2
<?php

/**
 * Bootstrap code included at the beginning of most pages.
 */
require_once 'config.php';
require_once 'class/user.php';
require_once 'class/smarty/Smarty.class.php';
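// Shared page bootstrap: template engine, session, login gate, admin flag
// for the templates, and the database handle.
$template = new Smarty();
session_start();
if (!isset($_SESSION["user"]) && basename($_SERVER['PHP_SELF']) != "login.php") {
    // header() only queues the redirect. Without exit the including page
    // keeps executing and its output is still sent to a client that has no
    // session, so the login gate would protect nothing.
    header("Location: login.php");
    exit;
}
if (isset($_SESSION["user"]) && usertools::containRoles($GLOBALS["adminRoles"], $_SESSION["user"]->getRoles())) {
    // flag for the templates only; it does not restrict what the page does
    $template->assign("admin", true);
}
$messages = array();
try {
    $connection = new PDO($GLOBALS["db_type"] . ':dbname=' . $GLOBALS["db_dbname"] . ';host=' . $GLOBALS["db_host"] . '', $GLOBALS["db_loginname"], $GLOBALS["db_loginpassword"]);
} catch (PDOException $e) {
    // NOTE(review): the raw driver message goes into $messages; if the page
    // renders $messages, connection details reach the browser. Logging the
    // text and showing a generic message would avoid that. $connection also
    // stays undefined on this path while the including page carries on.
    array_push($messages, $e->getMessage());
}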
예제 #3
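 /**
  * Replace a user's stored password hash when the new password meets the
  * configured requirements; does nothing otherwise.
  *
  * The UPDATE is sent as a prepared statement so that neither the hash nor
  * the user name becomes part of the SQL text.
  *
  * @param string $username   account whose password is replaced
  * @param string $password   clear-text candidate password
  * @param mixed  $connection database handle offering prepare() (a PDO object — TODO confirm against callers)
  * @return void
  */
 public static function setPassword($username, $password, $connection)
 {
     if (!usertools::passwordRequirements($password, $GLOBALS["min_password_length"], $GLOBALS["password_need_specialchars"])) {
         return;
     }
     // NOTE(review): hash() with a configurable algorithm and no salt is a
     // fast digest, which makes offline guessing of leaked hashes cheap.
     // password_hash()/password_verify() is the fitting primitive, but the
     // switch has to be made together with the login check and a migration
     // of the stored values, so it is not changed here.
     $digest = hash($GLOBALS["password_hash"], $password);
     $statement = $connection->prepare('UPDATE users SET password = :password WHERE username = :username');
     $statement->execute(array(':password' => $digest, ':username' => $username));
 }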
예제 #4
<?php

require_once 'class/default.php';
// Point a user with a valid session at the index page.
// NOTE(review): no exit follows header(), so the switch below still runs for
// a logged-in user. The "logout" case depends on that: it sends its own
// Location header, which replaces this one. Adding an exit here would
// therefore need the logout action to be handled before this check.
if (isset($_SESSION['user']) && $_SESSION['user']->isValid()) {
    header("Location: index.php");
}
switch ($_GET['action']) {
    case "register":
        if (!empty($_POST['name']) && !empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['password2'])) {
            if ($_POST["password"] == $_POST["password2"]) {
                // FIXME use default-value from db for role!
                array_push($messages, usertools::registerUser($_POST["name"], $_POST["username"], $_POST["password"], 1, $connection));
            } else {
                array_push($messages, _("Passwords doesn't match"));
            }
        }
        $template->assign("messages", $messages);
        $template->display('register.tpl');
        break;
    case "logout":
        $_SESSION["user"]->logout();
        header("Location: login.php");
        break;
    default:
        if (!empty($_POST['username']) && !empty($_POST['password'])) {
            $user = new user($_POST['username'], $_POST['password'], $connection);
            if (isset($_SESSION["user"]) && $user->isValid()) {
                header("Location: index.php");
            } else {
                array_push($messages, _("Wrong Password or user"));
            }
예제 #5
                }
                $newUser = array("name" => $_POST['name'], "password" => $_POST['password'], "broleid" => $roleid);
                usertools::editUser($_SESSION['editUser'], $newUser, $connection);
                array_push($messages, "Changes where successfull for user " . $_SESSION['editUser']['username']);
            } else {
                array_push($messages, "Passwords don't match!");
            }
        }
        unset($_SESSION['editUser']);
        break;
    case "mkuser":
        if (!empty($_POST['username']) && !empty($_POST['name'])) {
            if ($_POST['password'] == $_POST['password2']) {
                $roleid;
                foreach (admin::getRoles($connection) as $role) {
                    if ($role['role'] == $_POST['role']) {
                        $roleid = $role['roleid'];
                    }
                }
                usertools::registerUser($_POST['username'], $_POST['name'], $_POST['password'], $roleid, $connection);
                array_push($messages, "User " . $_POST['username'] . "created succefull");
            }
        }
        break;
}
// Show the user overview when no action was requested, or once a
// "mkedit"/"mkuser" action has been processed above.
if (!isset($_GET['action']) || in_array($_GET['action'], array("mkedit", "mkuser"))) {
    $template->assign("messages", $messages);
    // only the user names are handed to the template
    $users = admin::getUsers($connection);
    $template->assign("users", admin::extractFromArray($users, "username"));
    $template->display('user.tpl');
}
예제 #6
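 /**
  * Insert a new thread row and append a matching thread object to the
  * in-memory list.
  *
  * The INSERT uses bound parameters; title, text and parent id are request
  * data at the call sites and were previously concatenated into the SQL.
  *
  * @param string $title    thread title
  * @param string $text     thread body
  * @param mixed  $toptopic id of the parent thread; defaults to -1 (presumably "no parent" — confirm)
  * @return string id reported by lastInsertId() for the inserted row
  */
 public function createNewThread($title, $text, $toptopic = -1)
 {
     $authorId = $this->user->getId();
     $statement = $this->connect->prepare("INSERT INTO `learncards`.`forum_threads` (`forumid`, `userid`, `title`, `text`, `timestamp`, `toptopic`) VALUES (NULL, :userid, :title, :text, CURRENT_TIMESTAMP, :toptopic);");
     $statement->execute(array(
         ':userid' => $authorId,
         ':title' => $title,
         ':text' => $text,
         ':toptopic' => $toptopic,
     ));
     // read the generated id once, directly after the INSERT, instead of
     // asking again after further queries have run on the same handle
     $newId = $this->connect->lastInsertId();
     $this->nrOfThreads += 1;
     // NOTE(review): title and text are stored as submitted; escaping for
     // HTML has to happen where they are rendered.
     $thread = new thread();
     $thread->setId($newId);
     $thread->setText($text);
     $thread->setTimestamp("");
     $thread->setTitle($title);
     $thread->setUserId($authorId);
     $thread->setTopTopic($toptopic);
     $thread->setUsername(usertools::getUsernameById($authorId, $this->connect));
     array_push($this->threads, $thread);
     return $newId;
 }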
예제 #7
파일: login.php 프로젝트: hersche/Peta
<?php

require_once 'class/default.php';
// Point a user with a valid session at the index page.
// NOTE(review): no exit follows header(), so the switch below still runs for
// a logged-in user, including its "logout" case; an exit added here would
// have to come after the logout handling.
if (isset($_SESSION['user']) && $_SESSION['user']->isValid()) {
    header("Location: index.php");
}
// expose the configured registration setting to the login template
$template->assign("registration", $GLOBALS['registration']);
switch ($_GET['action']) {
    case "register":
        if (!empty($_POST)) {
            $userResult = usertools::registerUser($_POST, $connection);
            if ($userResult == "0") {
                $messages[] = "User " . $_POST['registerUsername'] . " was created successfull!";
                $template->assign("messages", $messages);
                $template->display('login.tpl');
                break;
            } else {
                var_dump($userResult);
                $messages[] = $userResult;
                $template->assign("messages", $messages);
                $template->assign('errorTitle', "ERROR! Registration failed!");
                $template->assign('errorDescription', "There was a failure on registration. Description: " . $userResult);
                $template->display('error.tpl');
                die;
            }
        }
        $template->display('login.tpl');
        break;
    case "logout":
        if (isset($_SESSION["user"])) {
            $_SESSION["user"]->logout();
예제 #8
파일: forum.php 프로젝트: hersche/Peta
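 /**
  * Entry point of the forum plugin: makes sure the thread table exists,
  * then dispatches on $_GET['action'].
  *
  * Deleting a thread and saving an edit now apply the same owner-or-admin
  * rule that the "editthread" form already used; before, that rule only
  * guarded the display of the edit form, not the actions themselves.
  *
  * @return mixed output of $template->fetch() for the rendering cases;
  *               nothing is returned when a case only acts or redirects
  */
 public function start()
 {
     require_once $this->folder . "forum.class.php";
     $this->connection->exec("CREATE TABLE IF NOT EXISTS `" . $this->getDbPrefix() . "forum_threads` (\n\t\t\t`forumid` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t`userid` int(11) NOT NULL,\n\t\t\t`title` text NOT NULL,\n\t\t\t`text` text NOT NULL,\n\t\t\t`timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,\n\t\t\t`toptopic` int(11) NOT NULL,\n\t\t\t`threadstate` int(5) NOT NULL DEFAULT '0',\n\t\t\t`editcounter` int(5) NOT NULL DEFAULT '0',\n\t\t\tPRIMARY KEY (`forumid`)\n\t\t)");
     $template = $this->templateObject;
     $template->addTemplateDir($this->folder . "forum/");
     $connection = $this->connection;
     // NOTE(review): request values ($_GET['plugin'] here, $_POST['topictext']
     // in the default case) are handed to the template as received; they
     // have to be escaped in the templates.
     $template->assign("pluginId", $_GET['plugin']);
     $template->assign("folder", $this->folder);
     $template->assign("ownuserid", $this->currentUser->getId());
     $threads = new allThreads($connection, $_SESSION["user"], $this->getDbPrefix());
     // NOTE(review): $admin, $allowedAccess, $messages and $user are read
     // below but never assigned in this method, so they are undefined here.
     // The "|| $admin" and "$allowedAccess == "Admin"" alternatives therefore
     // never grant anything and 'messages' receives null. Confirm where these
     // values were meant to come from before relying on them.
     switch ($_GET['action']) {
         case "createthread":
             $template->assign("dojorequire", array("dijit.Editor", "dojo.parser"));
             $template->assign("savemethod", "new");
             return $template->fetch($this->folder . 'forumPlugin_createThread.tpl');
         case "reply":
             $thread = $threads->getThreadById($_GET['threadid']);
             if (!is_null($thread)) {
                 $template->assign("dojorequire", array("dijit.Editor", "dojo.parser"));
                 $template->assign("threadid", $thread->getId());
                 $template->assign("threadtitle", $thread->getTitle());
                 $template->assign("savemethod", "reply");
                 return $template->fetch($this->folder . 'forumPlugin_reply.tpl');
             }
             break;
         case "deletethread":
             if (!empty($_GET['threadid'])) {
                 $thread = $threads->getThreadById($_GET['threadid']);
                 // Owner-or-admin rule as in "editthread"; no check was made
                 // here before deleteThread() was called.
                 if (!is_null($thread) && ($thread->getUserId() == $this->currentUser->getId() || usertools::containRoles($GLOBALS["adminRoles"], $_SESSION["user"]->getRoles()))) {
                     // NOTE(review): still a state change on a GET request;
                     // it should move to POST with a CSRF token.
                     $threads->deleteThread($_GET['threadid'], true);
                 } else {
                     $template->assign("errorTitle", "You haven't enough rights or the thread doesn't exist");
                     $template->assign("errorDescription", "Please check your roles and verify that this thread exists!");
                     $template->display('error.tpl');
                     die;
                 }
             }
             break;
         case "editthread":
             $thread = $threads->getThreadById($_GET['threadid']);
             if (!is_null($thread)) {
                 if ($thread->getUserId() == $this->currentUser->getId() || usertools::containRoles($GLOBALS["adminRoles"], $_SESSION["user"]->getRoles())) {
                     $template->assign("dojorequire", array("dijit.Editor", "dojo.parser"));
                     $template->assign("threadid", $thread->getId());
                     $template->assign("savemethod", "edit");
                     $template->assign("threadtitle", $thread->getTitle());
                     $template->assign("title", $thread->getTitle());
                     $template->assign("text", $thread->getText());
                     return $template->fetch($this->folder . 'forumPlugin_edit.tpl');
                 } else {
                     $template->assign("errorTitle", "You haven't enough rights or the thread doesn't exist");
                     $template->assign("errorDescription", "Please check your roles and verify that this thread exists!");
                     $template->display('error.tpl');
                     die;
                 }
             }
             break;
         case "savethread":
             if (!empty($_POST['topictitle']) && !empty($_POST['topictext']) && $_GET['savemethod'] == "new") {
                 $threads->createNewThread($_POST['topictitle'], $_POST['topictext']);
                 $template->assign('threads', $threads->getAllTopThreads());
                 $template->assign('messages', $messages);
                 return $template->fetch($this->folder . 'forumPlugin.tpl');
             }
             if (empty($_POST['topictext']) || empty($_GET['threadid'])) {
                 $template->assign('errorTitle', _("No data submitted"));
                 $template->assign('errorDescription', _("Please use the normal form"));
                 return $template->fetch('error.tpl');
             }
             $thread = $threads->getThreadById($_GET['threadid']);
             if (!is_null($thread) && ($thread->getThreadState() == forumtools::$THREADACTIVE || $admin) || $allowedAccess == "Admin") {
                 if (empty($_POST['topictitle'])) {
                     $_POST['topictitle'] = "";
                 }
                 if ($_GET['savemethod'] == "reply") {
                     // threadid means here the topthreadid
                     $threads->createNewThread($_POST['topictitle'], $_POST['topictext'], $_GET['threadid']);
                 } elseif ($_GET['savemethod'] == "edit") {
                     // The edit form is only shown to the owner or an admin;
                     // the save has to enforce the same rule, otherwise the
                     // request can be sent without ever opening the form.
                     if (!is_null($thread) && ($thread->getUserId() == $this->currentUser->getId() || usertools::containRoles($GLOBALS["adminRoles"], $_SESSION["user"]->getRoles()))) {
                         $threads->editThread($_POST['topictitle'], $_POST['topictext'], $thread->getEditCounter() + 1, $_GET['threadid']);
                         $threads->changeThreadState($thread->getId(), $_POST['state']);
                     } else {
                         $template->assign("errorTitle", "You haven't enough rights or the thread doesn't exist");
                         $template->assign("errorDescription", "Please check your roles and verify that this thread exists!");
                         $template->display('error.tpl');
                         die;
                     }
                 }
             }
             header("Location: plugin.php?plugin=" . $_GET['plugin'] . "&action=showthread&threadid=" . $threads->getTopThreadId($_GET['threadid']));
             break;
         case "showthread":
             if (empty($_GET['threadid'])) {
                 $template->assign('errorTitle', _("No thread-id was given"));
                 $template->assign('errorDescription', _("There was no id for a thread!"));
                 return $template->fetch('error.tpl');
             }
             $thread = $threads->getThreadById($_GET['threadid']);
             if (!is_null($thread) && ($thread->getThreadState() != forumtools::$THREADHIDDEN || $admin) || $allowedAccess == "Admin") {
                 $template->assign('threadTitle', $thread->getTitle());
                 $template->assign('threadText', $thread->getText());
                 $template->assign('threadage', $thread->getTimestamp());
                 $template->assign('threadid', $thread->getId());
                 $template->assign('username', $thread->getUsername());
                 $template->assign('userid', $thread->getUserId());
                 if (isset($user)) {
                     $template->assign('ownuserid', $user->getId());
                 }
                 $subthreads = $threads->getSubThreads($thread->getId(), $admin);
                 $template->assign('subthreads', $subthreads);
                 return $template->fetch($this->folder . 'forumPlugin_view.tpl');
             }
             $template->assign('errorTitle', _("No thread found by this id!"));
             $template->assign('errorDescription', _("There was no thread with this id."));
             return $template->fetch('error.tpl');
         default:
             $template->assign('show', $_POST['topictext']);
             $template->assign('threads', $threads->getAllTopThreads());
             return $template->fetch($this->folder . '/forumPlugin.tpl');
     }
 }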
예제 #9
파일: profile.php 프로젝트: hersche/Peta
    case "edit":
        $template->assign("allcss", array("js/dojo/dojox/editor/plugins/resources/css/Preview.css", "js/dojo/dojox/form/resources/FileUploader.css", "js/dojo/dojox/editor/plugins/resources/css/FindReplace.css"));
        $template->assign("onLoadCode", 'dojo.connect(customfieldList,"onDndDrop",function(e){updateCustomfieldList()});');
        $template->assign("dojorequire", array("dojo.dnd.Source", "dojox.editor.plugins.Preview", "dojox.editor.plugins.FindReplace"));
        if (isset($_POST)) {
            usertools::editUser($user->getId(), $_POST, $connection);
        }
        if (isset($_GET['editId'])) {
            $template->assign("editCustomField", $user->getCustomfieldById($_GET['editId']));
        }
        $template->assign("customfields", $user->getCustomfields($connection));
        $template->assign("roles", $user->getRoles());
        $template->assign("username", $user->getUsername());
        $template->display('profile_edit.tpl');
        break;
    default:
        if (isset($_GET['userid']) && usertools::userIdExists($_GET['userid'], $connection) && $_GET['userid'] != $user->getId()) {
            $user = usertools::getAlienUserbyId($_GET['userid'], $connection);
        } elseif (isset($_GET['userid']) && $_GET['userid'] == -1) {
            $user = new alienuser();
            $user->setId(-1);
            $user->setUsername("Guest");
        } else {
            $template->assign("own", true);
            $template->assign("roles", $user->getRoles());
        }
        $template->assign("customfields", $user->getCustomfields($connection));
        $template->assign("username", $user->getUsername());
        $template->display("profile.tpl");
        break;
}
예제 #10
파일: user.php 프로젝트: hersche/Peta
            $template->display('users_edituser.tpl');
        }
        break;
    case "createuser":
        $template->assign("roles", admin::extractFromArray(admin::getRoles($connection), "role"));
        $template->assign("messages", $messages);
        $template->display('user_createuser.tpl');
        break;
    case "mkedit":
        if ($_POST['sure'] == "on") {
            if ($_POST['password'] == $_POST['password2']) {
                usertools::editUser($_GET['userid'], $_POST, $connection);
                $messages[] = "Changes where successfull for user " . $_SESSION['editUser']['username'];
            } else {
                $messages[] = "Passwords don't match!";
            }
        }
        break;
    case "mkuser":
        $messages[] = usertools::registerUser($_POST, $connection);
        break;
}
// Delete the account named by the deleteId query parameter.
// NOTE(review): the deletion is triggered by a GET parameter and nothing in
// this excerpt checks a role or a CSRF token first. Confirm that the
// including code limits this page to admins, and prefer POST with a token.
if (isset($_GET['deleteId'])) {
    usertools::deleteUser($_GET['deleteId'], $connection);
}
// Show the user overview when no action was requested, or once a
// "mkedit"/"mkuser" action has been processed above.
if (!isset($_GET['action']) || in_array($_GET['action'], array("mkedit", "mkuser"))) {
    $template->assign("messages", $messages);
    $users = admin::getUsers($connection);
    $template->assign("users", admin::extractFromArray($users, "username"));
    $template->display('user.tpl');
}
예제 #11
                        $roleid = $role['roleid'];
                    }
                }
                $newUser = array("name" => $_POST['name'], "password" => $_POST['password'], "broleid" => $roleid);
                usertools::editUser($_SESSION['editUser'], $newUser, $connection);
                array_push($messages, "Changes where successfull for user " . $_SESSION['editUser']['username']);
            } else {
                array_push($messages, "Passwords don't match!");
            }
        }
        unset($_SESSION['editUser']);
        break;
    case "mkuser":
        if (!empty($_POST['username']) && !empty($_POST['name'])) {
            if ($_POST['password'] == $_POST['password2']) {
                foreach (admin::getRoles($connection) as $role) {
                    if ($role['role'] == $_POST['role']) {
                        $roleid = $role['roleid'];
                    }
                }
                array_push($messages, usertools::registerUser($_POST['username'], $_POST['name'], $_POST['password'], $roleid, $connection));
            }
        }
        break;
}
// The overview is rendered for a request without an action and after the
// "mkuser"/"mkedit" actions handled by the switch above.
if (!isset($_GET['action']) || $_GET['action'] == "mkuser" || $_GET['action'] == "mkedit") {
    $template->assign("messages", $messages);
    // the template receives the user names only
    $users = admin::getUsers($connection);
    $template->assign("users", admin::extractFromArray($users, "username"));
    $template->display('user.tpl');
}